Where has the staging URL PR comment generated by my GitHub Actions workflow gone?

The Issue

Last week I noticed that the staging URL that is normally output as a comment was missing from new GitHub PRs. Previously, this URL was added automatically by the Azure/static-web-apps-deploy GitHub Action for PRs in our Hugo-based websites.

PR Comment

After a bit of digging, I noticed a warning message in the logs of the Action that said:


Done Zipping App Artifacts
Uploading build artifacts.
Finished Upload. Polling on deployment.
Status: InProgress. Time: 0.178533(s)
Status: Succeeded. Time: 15.3731517(s)
Deployment Complete :)
Visit your site at: https://white-glacier-0d2380f03-300.westeurope.2.azurestaticapps.net
Unexectedly failed to add GitHub comment.
Thanks for using Azure Static Web Apps!
Exiting

The Solution

Initially I thought the problem might be a change in functionality of the Azure/static-web-apps-deploy action. However, it turns out it has not altered since May 2021.

So next I tried to add my own PR comment using the actions/github-script action:

# Post the staging URL as a PR comment (only runs for pull_request events)
- uses: actions/github-script@v6
  if: github.event_name == 'pull_request'
  with:
    script: |
      // The URL comes from the output of the deploy step with id "builddeploy"
      github.rest.issues.createComment({
        issue_number: context.issue.number,
        owner: context.repo.owner,
        repo: context.repo.repo,
        body: 'Azure Static Web Apps: Your staging site is ready at: ${{ steps.builddeploy.outputs.static_web_app_url }}'
      })

This failed with a 403 error, so I realised my problem was missing permissions. So I added a permissions block to the job:

jobs:
  build_and_deploy_job:
    if: github.event_name == 'schedule' || github.event_name == 'push' || (github.event_name == 'pull_request' && github.event.action != 'closed')
    runs-on: ubuntu-latest
    permissions:
      contents: read   # This is required to read the repo
      pull-requests: write  # This is required to comment on the PR
    ...

Note: As soon as you set any permission, you have to set all the ones you need, because an explicit permissions block replaces the defaults and any permission you do not list is removed. So in this case, if you set just the pull-requests: write permission but not the contents: read permission, the workflow would not be able to clone the repo.

This worked, but then it occurred to me: was the original error just permissions-related?

So I removed the actions/github-script action but left the permissions block and, as I hoped, the staging URL appeared in the PR comment.

So my assumption is that default permissions have recently changed. It just shows it is always a good idea to be explicit with permissions in your GitHub Actions workflows.
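The behaviour in the note above, and the effect of a changed repository default, can be modelled in a few lines. This is an added example, not code from the original post or from GitHub: the function names are hypothetical, the scope list is a subset, and the "permissive" and "restricted" default sets are assumptions based on GitHub's documented repository settings.

```javascript
// Simplified model of how GITHUB_TOKEN scopes are resolved for a job.
// Assumption: only four scopes are modelled; the two default sets follow
// GitHub's documented "permissive" and "restricted" repository settings.
const DEFAULTS = {
  permissive: { contents: 'write', issues: 'write', 'pull-requests': 'write', packages: 'write' },
  restricted: { contents: 'read', issues: 'none', 'pull-requests': 'none', packages: 'read' },
};
const SCOPES = Object.keys(DEFAULTS.permissive);
const RANK = { none: 0, read: 1, write: 2 };

// Expand one `permissions:` value (a map, 'read-all' or 'write-all') to every scope.
function expand(block) {
  if (block === 'read-all' || block === 'write-all') {
    const level = block === 'read-all' ? 'read' : 'write';
    return Object.fromEntries(SCOPES.map((s) => [s, level]));
  }
  // An explicit map drops the defaults: scopes that are not listed become 'none'.
  return Object.fromEntries(SCOPES.map((s) => [s, block[s] || 'none']));
}

// Job-level permissions replace workflow-level ones; with neither, the repo default applies.
function effectivePermissions(repoDefault, workflowPerms, jobPerms) {
  const block = jobPerms !== undefined ? jobPerms : workflowPerms;
  return block === undefined ? { ...DEFAULTS[repoDefault] } : expand(block);
}

// Return the scopes a job needs but its token does not carry.
function missingScopes(effective, required) {
  return Object.entries(required)
    .filter(([scope, level]) => RANK[effective[scope]] < RANK[level])
    .map(([scope, level]) => `${scope}: ${level}`);
}

// What the job in this post needs: clone the repo and comment on the PR.
const REQUIRED = { contents: 'read', 'pull-requests': 'write' };

// Constructed cases mirroring the post.
const cases = {
  'no block, permissive default': effectivePermissions('permissive'),
  'no block, restricted default': effectivePermissions('restricted'),
  'only pull-requests: write': effectivePermissions('restricted', undefined, { 'pull-requests': 'write' }),
  'block from the post': effectivePermissions('restricted', undefined, { contents: 'read', 'pull-requests': 'write' }),
};
for (const [name, perms] of Object.entries(cases)) {
  console.log(name, '->', missingScopes(perms, REQUIRED).join(', ') || 'ok');
}
```

With a restricted default and no permissions block, the model reports the missing pull-requests: write scope, which matches the 403 seen when commenting on the PR.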

For the original version of this post see Richard Fennell's personal blog at Where has the staging URL PR comment generated by my GitHub Actions workflow gone?